The Computer Security Institute recently released its 2009 survey results (must register). One of the charts in the executive summary lists the frequency of occurrence in the survey population. Without any other information more pertinent or specific to your organization,…
Metrics
Confirmation Bias at work?
by Pete Lindstrom • • 2 Comments
Evan Schuman has an intriguing blog post on the McAfee blog about whether the reduced number of data breach reports at DataLossDB.com are indicative of fewer actual data breaches. His answer is unequivocally “No.” His reasoning is as follows: Media…
Ramblings while reading Microsoft’s Security Intelligence Report
by Pete Lindstrom • • 1 Comment
I just downloaded Microsoft’s Security Intelligence Report. Given my predisposition toward good stats, I am looking forward to reading it. Herewith is a running chronology of my thoughts as I read it: opening pages – 25 authors! even more contributors!…
Lindstrom’s Razor is not about security spending
by Pete Lindstrom • • 2 Comments
After a few conversations, and having seen (part of) Russell Cameron Thomas’ post on the topic, I am beginning to realize that people are making a common mistake about Lindstrom’s Razor, which states: The digital assets in question must be…
What is “Lindstrom’s Razor”?
by Pete Lindstrom • • 1 Comment
Yesterday, Andrew Jaquith from Forrester blogged about digital asset value, in response to Russell Cameron Thomas’ post on the same topic, which was in response to a Jeremiah Grossman tweet*. Andrew’s post mentioned a cost-based approach I use for valuation…